CVE-2023-46307

Read Time:22 Second

Posted by Kevin on Nov 27

While conducting a penetration test for a client, they were running an
application called etc-browser which is a public GitHub project with a
Docker container. While fuzzing the web server spun up with etcd-browser
(which can run on any arbitrary port), the application had a Directory
Traversal vulnerability that is simply triggered with the following payload:

GET /../../../../../../../../../../../../etc/passwd

If running in the docker…

Read More